Use After Free Vulnerability in iOS, iPadOS, tvOS, watchOS, Safari, iTunes, and iCloud
CVE-2020-9895

9.8CRITICAL

Key Information:

Vendor

Apple
Status
iOS
TV OS
Watch OS
Safari
Vendor
CVE Published:
16 October 2020

What is CVE-2020-9895?

A use after free vulnerability in various Apple products could allow attackers to exploit memory management issues, potentially leading to unexpected application termination or arbitrary code execution. This vulnerability has been addressed in the latest updates for iOS, iPadOS, tvOS, watchOS, Safari, iTunes, and iCloud for Windows, which significantly enhances the security of these platforms.

Affected Version(s)

iCloud for Windows < unspecified

iCloud for Windows (Legacy) < unspecified

iOS < unspecified

References

https://support.apple.com/HT211288
x_refsource_MISC
https://support.apple.com/HT211290
x_refsource_MISC
https://support.apple.com/HT211291
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.